Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 4 of 4 for IsAuthorizedForSignerName (0.36 sec)

  2. github.com/kubernetes/kubernetes

    plugin/pkg/admission/certificates/util.go 

    */

package certificates

import (
	"context"
	"strings"

	"k8s.io/apiserver/pkg/authentication/user"
	"k8s.io/apiserver/pkg/authorization/authorizer"
	"k8s.io/klog/v2"
)

// IsAuthorizedForSignerName returns true if 'info' is authorized to perform the given
// 'verb' on the synthetic 'signers' resource with the given signerName.
// If the user does not have permission to perform the 'verb' on the given signerName,
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Sat May 16 11:54:27 UTC 2020
    - 2.6K bytes
    - Viewed (0)
  3. github.com/kubernetes/kubernetes

    plugin/pkg/admission/certificates/approval/admission.go 

    	csr, ok := a.GetOldObject().(*api.CertificateSigningRequest)
	if !ok {
		return admission.NewForbidden(a, fmt.Errorf("expected type CertificateSigningRequest, got: %T", a.GetOldObject()))
	}

	if !certificates.IsAuthorizedForSignerName(ctx, p.authz, a.GetUserInfo(), "approve", csr.Spec.SignerName) {
		klog.V(4).Infof("user not permitted to approve CertificateSigningRequest %q with signerName %q", csr.Name, csr.Spec.SignerName)
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Sat May 16 11:54:27 UTC 2020
    - 3.2K bytes
    - Viewed (0)
  4. github.com/kubernetes/kubernetes

    plugin/pkg/admission/certificates/signing/admission.go 

    	if reflect.DeepEqual(oldCSR.Status.Certificate, csr.Status.Certificate) && apiequality.Semantic.DeepEqual(oldCSR.Status.Conditions, csr.Status.Conditions) {
		return nil
	}

	if !certificates.IsAuthorizedForSignerName(ctx, p.authz, a.GetUserInfo(), "sign", oldCSR.Spec.SignerName) {
		klog.V(4).Infof("user not permitted to sign CertificateSigningRequest %q with signerName %q", oldCSR.Name, oldCSR.Spec.SignerName)
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Thu May 28 16:20:40 UTC 2020
    - 3.5K bytes
    - Viewed (0)
  5. github.com/kubernetes/kubernetes

    plugin/pkg/admission/certificates/ctbattest/admission.go 

    	if a.GetOperation() == admission.Update && rbac.IsOnlyMutatingGCFields(a.GetObject(), a.GetOldObject(), kapihelper.Semantic) {
		return nil
	}

	if !certificates.IsAuthorizedForSignerName(ctx, p.authz, a.GetUserInfo(), "attest", newBundle.Spec.SignerName) {
		klog.V(4).Infof("user not permitted to attest ClusterTrustBundle %q with signerName %q", newBundle.Name, newBundle.Spec.SignerName)
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed Sep 20 16:26:11 UTC 2023
    - 4K bytes
    - Viewed (0)
Back to top